Speech by SEC Staff:
Remarks for the International Organization of Securities Commissions Annual Conference Panel on the Regulation of Credit Rating Agencies

by

Ethiopis Tafara

Director, Office of International Affairs
U.S. Securities and Exchange Commission

Colombo, Sri Lanka
April 6, 2005

Introduction

Thank you, David. I also want to thank our hosts, the Sri Lankan Securities and Exchange Commission, for hosting the 30th IOSCO Annual Conference on their wonderful island. I have to disagree with Marco Polo - truly Sri Lanka is one of the most beautiful islands, regardless of size.

But before I begin these remarks, as is customary for those of us from the SEC, I should start with our standard disclaimer.

The U.S. Securities and Exchange Commission disclaims responsibility for any private publication or statement of any SEC employee or Commissioner. These remarks express the author's views and do not necessarily reflect those of the Commission, the Commissioners, or other members of the SEC staff.

With that said, I would like to keep my remarks short. The regulatory issues that credit rating agencies raise are well-known to everyone. Moreover, this panel brings together some true luminaries. I am sure you will be more interested in their views than my remarks. However, IOSCO has asked me to put the "ball in play", so to speak, so I would like to outline a few points for the discussion. The points I raise might appear provocative and they are designed to engender debate. However, I do not believe they are gratuitous.

The IOSCO Task Force

First, I would first like to outline what IOSCO has done.

As many of you know, this past December, the IOSCO Technical Committee published its Code of Conduct for Credit Rating Agencies. The Code builds on a set of Principles Regarding the Activities of Credit Rating Agencies, as well as an IOSCO Report on the relevant regulatory issues.

The IOSCO Code has received a fair amount of attention. All of the major rating agencies have agreed to sign on to its provisions. It has been favorably cited by CESR in its report to the European Commission, and by the SEC in its testimony to the US Congress.

I would like to briefly touch upon the work of the Task Force that developed the IOSCO Code, and highlight several issues uncovered in the process of developing the Code.

One thing became immediately clear at the outset of the Task Force's work. While the group correctly identified the potential regulatory issues raised by the activities of rating agencies, it became apparent that members of the Task Force each gave greater weight to different concerns. It also rapidly became obvious that some of the concerns highlighted by issuers, investors and the media were potentially in conflict.

For example, following Enron, Worldcom and Parmalat, rating agencies were widely criticized for taking at face value the companies' statements about their financial conditions. Critics charged that the rating agencies failed to dig below the surface of these issuers' financial statements, and failed to react quickly enough when it became apparent that financial problems might exist.

However, these same rating agencies were being widely criticized (by issuers, in particular), for failing not to take at face value arguments from companies about the "special circumstances" they gave to explain poor performance on their balance sheets.

Issuers also accused rating agencies of rushing to publish rating changes, without giving the issuers time to "prepare" the market for the change.

Likewise, some critics noted an inherent conflict of interest in the business model of rating agencies whereby they received the bulk of their revenue from issuers. These critics argue that by virtue of this payment structure, rating agencies are beholden to issuers and their analytical independence is thereby undercut. At the same time, others complained that the ratings industry is an oligopoly. Large rating agencies so dominate the industry that issuers are helpless and at the mercy of these firms.

Proposed solutions to this issue were equally contradictory. Consider that, when the Task Force published a draft of the Code for public comment, some suggested that the only way to address the conflict of interest was to ban issuer fees altogether. Rating agencies would then rely solely on subscription fees. Others, however, noted that rating agencies in many cases receive nonpublic information from issuers. Consequently it would be unfair - indeed, even illegal in some jurisdictions - for rating agencies to provide such ratings only to subscribers and not to the public.

IOSCO CRA Code of Conduct Fundamentals

Given these sometimes conflicting concerns and contradictory solutions, the IOSCO Task Force set about trying to clarify the fundamentals and focused on one overarching principle: credit ratings exist to benefit investors. Ratings are not designed to make it easier for issuers to access our capital markets - though, where investors have faith in the integrity and reliability of credit ratings, that is inevitably a happy byproduct. Nor do ratings serve to make the lives of regulators easier - though, again, ideally this too can be a nice side-benefit.

With the point of departure being that credit ratings exist to serve investors, the Task Force set about looking at several broad issues and concerns. The issues were:

How can rating agencies best protect the quality and integrity of the rating process?

How can rating agencies best guard against conflicts of interest that might undermine their analytical independence?

What types of information should rating agencies disclose to best assure investors, issuers and regulators alike that their ratings processes, methodologies and internal compliance systems are strong and designed to produce timely, reliable, analytically independent ratings?

How can rating agencies best assure that any confidential information given to them by issuers is not misused?

And, finally, how can IOSCO create a code of conduct for rating agencies that is robust enough to address all of these concerns, but still flexible enough to be useful to all rating agencies, of all sizes and business models, operating in widely disparate markets and legal systems?

When looked at in its entirety, I believe the IOSCO Code does a remarkable job of addressing each of these points in such a way that the varying concerns of investors, regulators, issuers and other market participants are addressed. And I think others agree. Not only has the Code been cited favorably by many credit rating agencies, but it has also been cited favorably by many issuers and investor groups.

And, while some have said the Code is "overly granular," I would suggest that its 33 provisions are not overly prescriptive. Rather, they lay out a number of important objectives and mechanisms that regulators, investors, issuers and even rating agencies agree are critical to maintaining investor confidence in the ratings process. In this regard, I agree with the Bond Market Association that the Code "strikes the right balance" between prescriptiveness and flexibility.

Moreover, the Code contains an important "comply or explain" aspect that creates a market "oversight" mechanism to monitor the flexibility afforded rating agencies in implementing the Code provisions. While IOSCO expects all rating agencies to give effect to each of the Code's provisions, implementation is left to each rating agency in function of its own legal and market circumstances. If a rating agency decides not to implement a specific provision of the Code, it must explain why and how what it is doing otherwise meets the objectives that the provision is designed to accomplish. Investors, issuers and regulators can then judge for themselves whether this deviation from the Code makes sense, and react accordingly.

Ongoing Issues

There remain several outstanding issues that must be resolved for the IOSCO Code to be a success. These are issues that existed before the IOSCO Task Force was formed, and that cannot be adequately addressed by IOSCO alone. These issues relate to communication - communication among regulators, rating agencies, issuers, and investors themselves.

One of the first things the IOSCO Task Force learned is that there exists a considerable degree of misunderstanding about what rating agencies do. When we began our work, the operations of rating agencies were not entirely familiar to us. We were not alone in this regard. Through the process of consultation and discussion, it soon became apparent that retail investors, reporters, and even issuers also did not fully grasp the business of rating agencies.

At the outset of the Task Force's work, one also got the impression that the rating agencies themselves did not fully understand the concerns of everyone else.

I believe IOSCO has gone a long way to facilitate communication among all these groups. One of the first things the IOSCO Task Force did was to meet with representatives of the largest rating agencies, to educate itself about their operations. In turn, the Task Force expressed its own concerns to the rating agencies. And, to help educate the public about what rating agencies do and explain to rating agencies what regulators' concerns are, the IOSCO Technical Committee published a Report explaining these matters in (hopefully) easily understandable terms.

Despite this work, I am concerned that several widely held perceptions may hinder this informal discussion now taking place among rating agencies, investors, issuers and regulators. These are perceptions that I would like to posit to the panel for discussion.

Issues for CRAs

I believe the biggest misperception I hear from rating agencies is that they issue mere opinions about the creditworthiness of issuers and debt-like financial instruments. If I were to form a credit rating agency, Tafara Ratings, Inc. would be giving out mere opinions. A triple-A rating from Moody's, Standard and Poor's, or Fitch is an opinion, but there is nothing "mere" about it.

Correct or not, these opinions can carry considerable weight with investors and have the potential to move markets. And, for better or worse, these ratings sometimes are used in regulation. Of course, if rating agencies are wrong on a consistent basis, I would be willing to bet investors wouldn't continue to accord them much weight for very long. And regulators, too, would reassess their use of those ratings. But these ratings are not looked at as just another set of opinions. They are highly respected. And, because they are so respected, rating agencies have a special obligation - to investors, to issuers and to themselves - to guard the integrity and quality of those ratings.

Consequently, it should come as no surprise to rating agencies that market participants and regulators take a very strong interest in how these opinions are formed. Investors, in particular, want to be reassured that they aren't making a mistake in placing so much faith in a rating agency's opinions. And, because the opinions of some rating agencies are so respected that they can move markets, regulators want to be reassured that rating agencies have controls in place to make sure that unscrupulous individuals do not take advantage of this power for their personal gain.

Of course, we should all recognize that rating agencies have a right to be wrong. Rating agencies do not have crystal balls. They will not always be right, and we do ourselves a disfavor if we insist they must be. A credit rating agency that is excessively cautious in its analysis is nearly as useless to an investor as one that is not cautious enough.

That said, rating agencies should realize that a desire for more transparency and for strong internal controls is not a demand that the rating agencies be infallible. It is, rather, prudence on the part of market participants and regulators about the process for developing ratings. As one US president used to say, "Trust…but verify."

Issues for Regulators

We regulators have issues to confront as well.

Ratings are used in a variety of financial regulations - such as in calculating capital requirements for banks under the new Basel Capital Accord or under the SEC's own Net Capital Rule. Of course, these regulations call not for just any rating. Ratings from Tafara Ratings, Inc. are unlikely to be permitted by any sane financial regulator in the foreseeable future. As a result, many regulators have some type of recognition process. In the United States, this is through a no-action letter from the SEC staff to the rating agency.

No one has proposed a widely accepted alternative to relying on credit ratings for calculating net capital reserve requirements or the composition of mutual fund portfolios. Nonetheless, going forward, I propose that securities regulators might benefit by thinking doubly hard when proposing future regulations that use credit ratings.

My question to regulators is whether there are moral hazards created when financial regulators "recognize" certain CRAs for regulatory purposes? Even when we make it clear that regulatory recognition does not constitute a "stamp of approval," is it nonetheless viewed as such by market participants? Is there a risk that investors come to rely on this recognition in place of conducting their own review of the reliability of a given CRA's track record?

Issues for Issuers

I believe issuers have a certain number of questions to consider.

It was clear from some of the comment letters received by the IOSCO Task Force that many issuers would like greater input into the ratings process. Some wanted more transparency about the process - an understandable request, since many seemed unsure of with the analysis that goes into a credit rating decision.

Others, however, seemed content on establishing a veto right of sorts in relation to ratings that would not be favorable to them. One comment, I recall, even suggested that rating agencies should be prohibited from changing a rating if an issuer decides to raise capital from the public, but does not specifically request that their rating be updated. To my mind, this suggestion is amazing, since the act of accessing the capital markets very obviously could affect an issuer's ability to repay its debts. This is precisely the time investors would want a rating updated!

My question to issuers is whether, in their desire to seek more "control" over the ratings process, is there a risk that they will kill the goose that lays the golden eggs?

One way to think about rating agencies is that they are specialized firms to which some investors outsource their research of a prospective investment. Rather than conducting their own analysis of an issuer's creditworthiness - which may require considerable resources and expertise - they outsource this to a rating agency. Or, with institutional investors, a rating agency's rating acts as a quality control check against their own analysis - they look at a rating agency's rating to see if I missed anything.

If investors start to view rating agencies as insufficiently independent of the issuers they rate, then investors will be unwilling to use these ratings in place of their own research. Or they will not view a rating as an adequate quality control check of their own analysis. And, if this happens, without a doubt, investors own analysis will become more conservative. Because they do not have the resources to conduct the same review that a rating agency might, investors will assume the worst about an issuer - and demand a premium return as insurance.

Issues for Investors

This turns to my last question to the panel.

In the wake of several recent financial scandals, complaints were raised in the popular media that the "investment grade" ratings assigned to these issuers convinced investors to purchase the issuers' stock just prior to when these companies collapsed.

My question is simple: Do retail investors sufficiently understand what credit ratings are? Do they recognize that a credit rating is not a recommendation to buy or sell a security? Is there sufficient understanding that the fact that there is very little chance that an issuer will default on a given security says nothing about whether, at a given price, that security is a good investment?

And, if there is a widespread misperception among retail investors about what a credit rating is, do rating agencies, regulators, issuers or other market participants have a role in correcting this misperception?

Final Issue: Enforcement

The IOSCO Code, the Principles and Report on rating agencies try to answer many of these questions. They explain the issues rating agencies raise for markets and why maintaining the quality and integrity of the ratings process is so vital to all market participants. The Code set forth mechanisms by which rating agencies can protect quality of rating and the integrity of the rating process, and address the concerns of investors, issuers and regulators alike. The Report explains the issues raised by the use of credit ratings in financial regulation, and warns investors that credit ratings are not recommendations.

One matter the IOSCO Code does not address is enforcement. While there is a market mechanism by which market participants can judge for themselves whether what a rating agencies says it will do is sufficient, there is no mechanism by which regulators and market participants can be sure that rating agencies are complying with the substance of the Code.

My question to the panel, then, is, can the Code function effectively without such a mechanism?

And, as a follow-up question, if there needs to be an enforcement mechanism, is there a danger that any enforcement mechanism will kick into play more often when a rating agency is wrong than when it is right? And won't this, in turn, push rating agencies into becoming overly cautious with their ratings - to the detriment of issuers and investors alike?

And, if an enforcement mechanism is not necessary, how can investors be assured that a rating agency is following the IOSCO Code as it says it is? What substitute to enforcement exists?